Announcements
Cloud
June 1, 2022 By Charles Comiskey
Andrew Low
JP Parkin
5 min read

With Event Routing, you can configure and route your Activity Tracker event data to multiple locations within the IBM Cloud Activity Tracker service.

IBM Cloud Activity Tracker is expanding your ability to configure and route activity event data to alternate locations. Audit events are critical data for security operations and a key element for meeting compliance requirements. Control over the handling of these events, and the storage location is critical to building enterprise-grade solutions on the IBM Cloud. 

Effectively immediately, you can configure and route your Activity Tracker event data to multiple locations within the IBM Cloud Activity Tracker service. Routing includes the ability to redirect or forward both global and location-based event data from one region to an Activity Tracker hosted search or IBM Cloud Object Storage (COS) bucket in an alternate region.  This enables you to do the following:

  • Consolidate Activity Tracker data to the region of your primary operations
  • Route to one or multiple locations
  • Improve your data residency compliance stature, keeping data at-rest within certain regions
  • Feed a data lake for analytics
  • Forward your activity event data to IBM COS for IBM Cloud for Financial Services compliance

This new ability is available within the IBM Cloud Activity Tracker Event Routing feature. The feature is supported the Dallas, Washington DC, Frankfurt, London and Sydney regions. The Event Routing feature is also enhanced to support service-to-service authorization, helping to simplify IP allow list security configurations when sending data to a COS bucket.

Consolidate your activity event data

Activity Tracker data originates within the regions of each IBM Cloud account where you use IBM Cloud. Location-based events default to the region they originate, optimized for data residency. Global events may cover multiple regions and default to Frankfurt, optimized for GDPR compliance. These default approaches are not practical in some operations environments because it results in data needing to be managed through multiple Activity Tracker instances: 

The new Event Routing feature enables you to consolidate your event data to a single Activity Tracker instance within your account or to consolidate multiple locations of activity event data into a common Activity Tracker instance within an account. The account may also be an enterprise account consolidating event data from multiple accounts.   

In the example below, location-based and global events from Account A and Account B are routed to a common Activity Tracker-hosted event search instance. Events aggregated to the common instance may be alerted and searched together within a single instance. Consolidated data may also be shared with a SIEM or data lake locations: 

Route to multiple locations

The new routing features also supports sending data to multiple locations at the same time. An example is a global company running on IBM Cloud with multiple applications running across multiple accounts. Each account maintains their own operations. The company also needs an additional copy of activity event data required for corporate-level management and compliance:

Routing data to target instances can be defined for one or more locations. Routing data to targets is accomplished through a set of defined routes. Routes may have multiple rules assigned, and multiple routes can be configured per account. Routes can be coordinated across accounts to build enterprise-grade solutions. 

Whether your use of IBM Cloud as a single account or an enterprise with multiple child accounts, the IBM Cloud Activity Tracker Event Routing features provide the ability to control the target location of the data.

Improve your data residency stature

The Activity Tracker Event Routing feature helps improve your data residency compliance stature if data needs to be kept within a designated region or country. Global event data generated in IBM Cloud can be routed to land in the region of your choice:

For example, a technology company has a compliance requirement to keep all related activity events in-country, including global events. Routes can be configured to redirect global events to a desired target within a location. Routes may also be configured to redirect location-based events from regions where event routing is supported. 

The new Event Routing features also help you maintain control for how your data and route metadata is managed. Your account can be configured to only use private endpoints. Routing metadata can be stored in designated regions:

Add data-level control with Activity Tracker streaming

The IBM Cloud Activity Tracker streaming feature boosts your level of data control, and you can configure advanced filtering of event data in-motion. Filtering is done with exclusion rules evaluating each data event. Data meeting evaluation criteria is sent to a configured IBM Event Streams instance.

The combination of event routing for locational control and streaming for data-level control provides a high degree of flexibility. Enterprise customers can solve for more complex data management needs and may create highly customized solutions. 

Sending data to data lakes

Whether your environments have data puddles, ponds, lakes or oceans, IBM Cloud Activity Tracker events can be routed to the right target. Targets may include sending data to COS and using Data Engine.

Configuring data for IBM Cloud for Financial Services compliance with service-to-service authorization

Clients seeking IBM Cloud for Financial Services compliance may continue to send data directly and exclusively to IBM Cloud Object Storage (COS). Service-to-service authorization between IBM Cloud Activity Tracker Event Routing and COS is now possible. This authorization simplifies IP allow list and key management and can be configured from either the CLI or API. Account admins only need to set up the authorization once per account.

Configuring Event Routing

IBM Cloud Activity Tracker Event Routing is configurable by API, CLI or Terraform. First-time users of the Event Routing features should begin with the Event Routing getting-started section. When ready to enable the new routing features shared in this blog, plan where data will be routed. Several key configuration decisions include the following:

  • Will data be forwarded exclusively to a Cloud Object Storage bucket or to an Activity Tracker event search instance? Data can also be configured to go to both at the same time.
  • Which COS bucket or hosted event search instance will store the consolidated data?
  • Which admins have the ability to manage the routes and from where will admins be able to manage them?
  • Where will routing configurations be stored?

Increase your IBM Cloud activity awareness today

IBM Cloud Activity Tracker captures a record of your IBM Cloud activities. The new Event Routing features enable you to optimize where your activity event data lands. A comprehensive list of cloud services and the events generated is available here:

  • IBM Cloud Activity Tracker events increase your visibility to IBM Cloud configuration changes so you can manage the risk of incorrectly configured services more effectively.
  • Activity events simplify your understanding of IT complexity and agile development actions in the cloud. The combination of events provides a holistic view of what happened.
  • Insights from the event data help accelerate identification of abnormal activities. For example, track the frequency and volume of access management events or multi-factor authentication configuration changes.

Learn more about the IBM Cloud Activity Tracker service and configure event routing to best meet your needs.

Charles Comiskey
Product Manager
Andrew Low
Senior Technical Staff Member
JP Parkin
IBM Cloud Observability Architect

More from Announcements
June 24, 2024

Manage the routing of your observability log and event data 

4 min read - Comprehensive environments include many sources of observable data to be aggregated and then analyzed for infrastructure and app performance management. Connecting and aggregating the data sources to observability tools need to be flexible. Some use cases might require all data to be aggregated into one common location while others have narrowed scope. Optimizing where observability data is processed enables businesses to maximize insights while managing to cost, compliance and data residency objectives.  As announced on 29 March 2024, IBM Cloud® released its next-gen observability…

June 21, 2024

Unify and share data across Netezza and watsonx.data for new generative AI applications

3 min read - In today's data and AI-driven world, organizations are generating vast amounts of data from various sources. The ability to extract value from AI initiatives relies heavily on the availability and quality of an enterprise's underlying data. In order to unlock the full potential of data for AI, organizations must be able to effectively navigate their complex IT landscapes across the hybrid cloud.   At this year’s IBM Think conference in Boston, we announced the new capabilities of IBM watsonx.data, an open…

June 4, 2024

IBM and SAP unlock business and industry value with new generative AI solutions 

3 min read - IBM Consulting is delivering on our commitment to co-innovate with SAP and collaborate with our clients. As part of our Value Generation Partnership initiative announced earlier this month with SAP, we are releasing the first 10 of 100 planned AI solutions to help clients transform their industries, optimize their business processes and successfully deliver their SAP programs.  Delivering AI business and industry innovation at scale  With the recently announced Value Generation Partnership initiative, IBM and SAP are co-innovating intelligent industry…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters